MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution

This feature lets you configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths. Previously, you had to use Label Distribution Protocol (LDP) to carry the labels and an Interior Gateway Protocol (IGP) to carry the routes between PE and CE routers to achieve the same goal.

The benefits of using BGP to distribute IPv4 routes and MPLS label routes are that:

•BGP takes the place of an IGP and LDP in a VPN forwarding/routing instance (VRF) table. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting.

•BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP.

This feature is an extension of the Carrier Supporting Carrier feature, introduced in Release 12.0(14)ST, which was based on LDP.

This feature was implemented on the Cisco 12000 series router (see Table 1 for the line cards supported) and integrated into Cisco IOS Release 12.0(22)S.

12.0(23)S

Support was added for the Cisco 12000 Series Eight-Port OC-3c/STM-1c ATM Line Card (8-Port OC-3 ATM) and the Cisco 12000 Series Three-Port Gigabit Ethernet Line Card (3-Port GbE).

12.2(13)T

This feature was integrated into Cisco IOS Release 12.2(13)T.

12.0(24)S

Support was added for the Cisco 12000 Series One-Port 10-Gigabit Ethernet Line Card (1-Port 10-GbE) and the Cisco 12000 Series Modular Gigabit Ethernet/Fast Ethernet Line Card (Modular GbE/FE) and implemented on Cisco IOS 12.0(24)S.

12.2(14)S

This feature was integrated into Cisco IOS Release 12.2(14)S and implemented on Cisco 7200 and Cisco 7500 series routers.

12.0(27)S

Support was added for EBGP multipath on the provider edge (PE)-customer edge (CE) links.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

On a PE router, you can configure an interface for either BGP with labels or LDP. You cannot enable both types of label distribution on the same interface. If you switch from one protocol to the other, then you must disable the existing protocol on all interfaces before enabling the other protocol.

This feature does not support the following:

•EBGP multihop between CSC-PE and CSC-CE routers

•EIBGP multipath load sharing

The physical interfaces that connect the BGP speakers must support Cisco Express Forwarding (CEF) or distributed Cisco Express Forwarding (dCEF) and MPLS.

To configure a carrier supporting carrier network that uses BGP to distribute routes and MPLS labels between the PE and CE routers of a backbone carrier and a customer carrier, you need to understand the following concepts:

Major Components of MPLS VPNs

•VPN route target communities—A VPN route target community is a list of all other members of a VPN community. VPN route targets need to be configured for each VPN community member.

•Multiprotocol BGP (MP-BGP) peering of VPN community PE routers—MP-BGP propagates VRF reachability information to all members of a VPN community. MP-BGP peering needs to be configured in all PE routers within a VPN community.

•MPLS forwarding—MPLS transports all traffic between all VPN community members across a VPN service-provider network.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF contains all the routes available to the site from the VPNs of which it is a member.

An MPLS VPN consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more CE routers attach to one or more PE routers. The PE routers use MP-BGP to dynamically communicate with each other.

BGP Label Distribution

BGP Routing Information

BGP routing information includes the following items:

•A network number (prefix)—The IP address of the destination.

•Autonomous system (AS) path—A list of other ASs through which a route passes on its way to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest from the local router and usually the AS where the route began.

•Path attributes—Descriptors that provide other information about the AS path, for example, the next hop.

Types of BGP Messages

MPLS labels are included in the update messages that a router sends. Routers exchange the following types of BGP messages:

•Open Messages—After a router establishes a TCP connection with a neighboring router, the routers exchange open messages. This message contains the AS number to which the router belongs and the IP address of the router that sent the message.

•Update Messages—When a router has a new, changed, or broken route, it sends an update message to the neighboring router. This message contains the Network Layer Reachability Information (NLRI), which lists the IP addresses of the usable routes. The update message also includes any routes that are no longer usable. The update message also includes path attributes and the lengths of both the usable and unusable paths. Labels for VPNv4 routes are encoded in the update message as specified in RFC 2858. The labels for the IPv4 routes are encoded in the update message as specified in RFC 3107.

•Keepalive Messages—Routers exchange keepalive messages to determine if a neighboring router is still available to exchange routing information. The router sends these messages at regular intervals. (Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it only contains a message header.

•Notification Messages—When a router detects an error, it sends a notification message.

How BGP Sends MPLS Labels with Routes

When BGP (both EBGP and IBGP) distributes a route, it can also distribute an MPLS label that is mapped to that route. The MPLS label mapping information for the route is carried in the BGP update message that contains the information about the route. If the next hop is not changed, the label is preserved.

When you issue the neighbor send-label command on both BGP routers, the routers advertise to each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.
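
The RFC 3107 encoding referenced above places the label in the NLRI ahead of the prefix. The following Python is an added example, not code from this document or from Cisco IOS; it encodes and decodes IPv4 labeled NLRI entries, and the function names and sample prefixes are constructed for illustration.

```python
import ipaddress

# RFC 3107: label field value a speaker may use when withdrawing a route.
WITHDRAW_LABEL = 0x800000


def encode_labeled_nlri(prefix, labels):
    """Build one NLRI entry: length (bits), label stack, prefix octets."""
    net = ipaddress.ip_network(prefix)
    body = bytearray()
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        # 20-bit label, 3 experimental bits (zero here), 1 bottom-of-stack bit
        body += ((label << 4) | bottom).to_bytes(3, "big")
    body += net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes([24 * len(labels) + net.prefixlen]) + bytes(body)


def decode_labeled_nlri(data):
    """Decode a run of NLRI entries into (prefix, labels, withdrawn) tuples."""
    routes, pos = [], 0
    while pos < len(data):
        bit_len = data[pos]                 # covers labels plus prefix
        pos += 1
        end = pos + (bit_len + 7) // 8
        if end > len(data):
            raise ValueError("NLRI truncated: length exceeds remaining bytes")
        labels, withdrawn = [], False
        while True:
            if pos + 3 > end:
                raise ValueError("label stack has no bottom-of-stack entry")
            raw = int.from_bytes(data[pos:pos + 3], "big")
            pos += 3
            bit_len -= 24
            if raw == WITHDRAW_LABEL:
                withdrawn = True
                break
            labels.append(raw >> 4)
            if raw & 1:                     # bottom of stack reached
                break
        if bit_len > 32:
            raise ValueError("IPv4 prefix length greater than 32")
        addr = int.from_bytes(data[pos:end].ljust(4, b"\x00"), "big")
        pos = end
        net = ipaddress.ip_network((addr, bit_len), strict=False)
        routes.append((str(net), labels, withdrawn))
    return routes


if __name__ == "__main__":
    # Constructed sample: a PE loopback with one label, a /16 with two labels.
    sample = (encode_labeled_nlri("10.1.1.1/32", [17])
              + encode_labeled_nlri("192.168.0.0/16", [100, 200]))
    print(sample.hex())
    for route in decode_labeled_nlri(sample):
        print(route)
```

The decoder rejects entries whose length field runs past the buffer or whose label stack never sets the bottom-of-stack bit, which are the malformed cases a parser on the receiving side has to handle.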

This feature enables you to configure a carrier supporting carrier network that uses BGP to distribute routes and MPLS labels between the PE and CE routers of a backbone carrier and a customer carrier. The backbone carrier offers BGP and MPLS VPN services. The customer carrier can be either of the following:

This document describes how to use BGP to distribute MPLS labels and routes for both types of customer carrier.

Customer Carrier Is an Internet Service Provider with an IP Core

Figure 1 shows a network configuration where the customer carrier is an ISP. The customer carrier has two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a VPN service provided by the backbone carrier. The backbone carrier uses MPLS. The ISP sites use IP.

Figure 1 Network Where the Customer Carrier Is an ISP

In this configuration, the links between the CE and PE routers use EBGP to distribute IPv4 routes and MPLS labels. Between the links, the PE routers use multiprotocol IBGP to distribute VPNv4 routes.

Note If a router other than a Cisco router is used as a CSC-PE or CSC-CE, that router must support IPv4 BGP label distribution (RFC 3107). Otherwise, you cannot run EBGP with labels between the routers.

Customer Carrier Is an MPLS Service Provider With or Without VPN Services

Figure 2 shows a network configuration where the backbone carrier and the customer carrier are BGP/MPLS VPN service providers. The customer carrier has two sites. Both the backbone carrier and the customer carrier use MPLS in their networks.

Figure 2 Network Where the Customer Carrier Is an MPLS VPN Service Provider

In this configuration, the customer carrier can configure its network in one of the following ways:

•The customer carrier can run IGP and LDP in its core network. In this case, the CSC-CE1 router in the customer carrier redistributes the EBGP routes it learns from the CSC-PE1 router of the backbone carrier to IGP.

•The CSC-CE1 router of the customer carrier can run an IPv4 and labels IBGP session with the PE1 router.

You need to identify the type of customer carrier as well as the topology of the carriers.

Note You can connect multiple CSC-CE routers to the same PE or you can connect a single CSC-CE router to CSC-PEs using more than one interface to provide redundancy and multiple path support in CSC topology.

Perform this task to identify the carrier supporting carrier topology.

SUMMARY STEPS

1. Identify the type of customer carrier, ISP or MPLS VPN service provider.

Configuring and Verifying the Backbone Carrier Core

Configuring the backbone carrier core in an MPLS VPN carrier supporting carrier network with BGP label distribution requires setting up connectivity and routing functions for the CSC-Core and the CSC-PE routers.

Prerequisites

Before you configure a backbone carrier core for the MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution feature, you must configure the following on the CSC-Core routers:

Troubleshooting Tips

You can enter a show ip bgp neighbor command to verify that the neighbors are up and running. If this command is not successful, enter a debug ip bgp x.x.x.x events command, where x.x.x.x is the IP address of the neighbor.

•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along.

Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4

maximum-paths number-paths

Example:

Router(config-router)# maximum-paths 2

(Optional) Controls the maximum number of parallel routes an IP routing protocol can support.

•The number-paths argument specifies the maximum number of parallel routes an IP routing protocol installs in a routing table, in the range from 1 to 6.

Step 5

address-family ipv4 [multicast | unicast | vrf vrf-name]

Example:

Router(config-router)# address-family ipv4

Specifies the IPv4 address family type and enters address family configuration mode.

•The multicast keyword specifies IPv4 multicast address prefixes.

•The unicast keyword specifies IPv4 unicast address prefixes.

•The vrf vrf-name keyword and argument specify the name of the VRF to associate with subsequent IPv4 address family configuration mode commands.

Step 6

redistribute protocol

Example:

Router(config-router-af)# redistribute static

Redistributes routes from one routing domain into another routing domain.

•The protocol argument specifies the source protocol from which routes are being redistributed. It can be one of the following keywords: bgp, egp, igrp, isis, ospf, mobile, static [ip], connected, and rip.

•The connected keyword refers to routes which are established automatically by virtue of having enabled IP on an interface. For routing protocols such as OSPF and IS-IS, these routes will be redistributed as external to the autonomous system.

Step 7

neighbor {ip-address | peer-group-name} remote-as as-number

Example:

Router(config-router-af)# neighbor pp.0.0.2 remote-as 100

Adds an entry to the BGP or multiprotocol BGP neighbor table.

•The ip-address argument specifies the IP address of the neighbor.

•The peer-group-name argument specifies the name of a BGP peer group.

•The as-number argument specifies the autonomous system to which the neighbor belongs.

Step 8

neighbor {ip-address | peer-group-name} activate

Example:

Router(config-router-af)# neighbor pp.0.0.2 activate

Enables the exchange of information with a neighboring BGP router.

•The ip-address argument specifies the IP address of the neighbor.

•The peer-group-name argument specifies the name of a BGP peer group.

Step 9

neighbor ip-address send-label

Example:

Router(config-router-af)# neighbor pp.0.0.2 send-label

Enables a BGP router to send MPLS labels with BGP routes to a neighboring BGP router.

•Use the show ip bgp vpnv4 all summary command to check that the BGP session is up and running between the CSC-PE routers and the CSC-CE routers. Check the data in the State/PfxRcd column to verify that prefixes are learned during each session.

Step 3

show mpls interfaces [all]

Example:

Router# show mpls interfaces all

(Optional) Displays information about one or more interfaces that have been configured for label switching.

•Use the show mpls interfaces all command to check that MPLS interfaces are up and running, and that LDP-enabled interfaces show that LDP is up and running. Check that LDP is turned off on the VRF because EBGP distributes the labels.

Step 4

show ip route vrf vrf-name [prefix]

Example:

Router# show ip route vrf vpn1 <PE-prefix>

(Optional) Displays the IP routing table associated with a VRF.

•Use the show ip route vrf command to check that the prefixes for the PE routers are in the routing table of the CSC-PE routers.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF routing table.

•Use the show mpls forwarding-table command with the vrf and vrf detail keywords to check that the prefixes for the PE routers in the local customer MPLS VPN service provider are in the LFIB.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the labels for the same destination learned from the CSC-CE are installed in the corresponding VRF table.

Step 8

traceroute VRF [vrf-name] ip-address

Example:

Router# traceroute vrf vpn2 jj.jj.jj.jj

Shows the routes that packets follow traveling through a network to their destination.

•Use the traceroute VRF command to check the data path and transport labels from a PE to a destination CE router.

Note This command works only with MPLS-aware traceroute if the backbone routers are configured to propagate and generate IP Time to Live (TTL) information. For more information, see the documentation on the mpls ip propagate-ttl command.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF table.

•Use the show ip bgp summary command to check that the BGP session is up and running on the CSC-CE routers.

Step 3

show ip route [address]

Example:

Router# show ip route PE-address

(Optional) Displays IP routing table entries.

•Use the show ip route command to check that the loopback addresses of the local and remote PE routers are in the routing table.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF table.

Step 4

show mpls ldp bindings [network {mask | length}]

Example:

Router# show mpls ldp bindings PE-prefix 255.255.255.255

(Optional) Displays the contents of the label information base (LIB).

•Use the show mpls ldp bindings command to check that the prefix of the local PE router is in the MPLS LDP bindings.

Step 5

show ip cef [network [mask]] [longer-prefixes] [detail]

Example:

Router# show ip cef <PE-prefix>

Router# show ip cef <PE-prefix> detail

(Optional) Displays entries in the forwarding information base (FIB) or a summary of the FIB.

•Use the show ip cef and the show ip cef detail commands to check that the prefixes of the local and remote PE routers are in the CEF table.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes and the labels for the same destination learned from the CSC-CE are installed in the corresponding VRF table.

•Use the show mpls forwarding-table and show mpls forwarding-table detail commands to check that the prefixes of the local and remote PE routers are in the MPLS forwarding table.

Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes and labels for the same destination learned from the CSC-CE are installed in the corresponding VRF routing table.

To configure route maps on routers, specifically carrier edge routers, you need to understand how to use route maps to filter routes.

Using Route Maps to Filter Routes

When routers are configured to distribute routes with MPLS labels, all the routes are encoded with the multiprotocol extensions and contain an MPLS label. You can use a route map to control the distribution of MPLS labels between routers.

Route maps enable you to specify which routes are distributed with MPLS labels. Route maps also enable you to specify which routes with MPLS labels a router receives and adds to its BGP table.

Route maps work with access control lists (ACLs). You enter the routes into an ACL and then specify the ACL when you configure the route map. The routers accept only routes that are specified in the route map. The routers check the routes listed in the BGP update message against the list of routes in the ACL specified. If a route in the BGP update message matches a route in the ACL, the route is accepted and added to the BGP table.

Prerequisites

Before you configure and apply route maps for the CSC-PE routers, you need to create an ACL and specify the routes that the router should distribute with MPLS labels.
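
A reviewer can run the following check over a saved configuration to confirm that every neighbor enabled with send-label has route maps applied in both directions and that the ACLs those route maps name are defined. It is an added Python example, not part of this document or of Cisco IOS; the sample configuration is constructed, and the 192.0.2.x and 198.51.100.x addresses, the csc-in-300 name and the audit function are assumptions.

```python
import re

# Constructed sample; route map names follow the examples in this document.
SAMPLE_CONFIG = """\
router bgp 100
 address-family ipv4 vrf vpn1
  neighbor 192.0.2.1 remote-as 200
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-label
  neighbor 192.0.2.1 route-map csc-mpls-routes-in in
  neighbor 192.0.2.1 route-map csc-mpls-routes-out out
  neighbor 192.0.2.5 remote-as 300
  neighbor 192.0.2.5 activate
  neighbor 192.0.2.5 send-label
  neighbor 192.0.2.5 route-map csc-in-300 in
 exit-address-family
!
access-list 1 permit 198.51.100.1
!
route-map csc-mpls-routes-in permit 10
 match ip address 1
 match mpls-label
!
route-map csc-mpls-routes-out permit 10
 match ip address 1
 set mpls-label
!
route-map csc-in-300 permit 10
 match ip address 7
"""


def audit(config):
    """Return (neighbor, finding) tuples for label-exchanging BGP neighbors."""
    labeled, applied, acls, maps = set(), {}, set(), {}
    current = None                       # body of the route map being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"neighbor (\S+) send-label", line):
            labeled.add(m[1])
        elif m := re.fullmatch(r"neighbor (\S+) route-map (\S+) (in|out)", line):
            applied[(m[1], m[3])] = m[2]
        elif m := re.match(r"access-list (\S+) (permit|deny) ", line):
            acls.add(m[1])
        elif m := re.fullmatch(r"route-map (\S+) (permit|deny) (\d+)", line):
            # Clauses of all sequence numbers are pooled per route map name.
            current = maps.setdefault(m[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None

    findings = []
    for nbr in sorted(labeled):
        for direction in ("in", "out"):
            name = applied.get((nbr, direction))
            if name is None:
                findings.append((nbr, f"send-label with no route map applied {direction}"))
                continue
            if name not in maps:
                findings.append((nbr, f"route map {name} is applied but not defined"))
                continue
            for clause in maps[name]:
                m = re.fullmatch(r"match ip address (.+)", clause)
                for acl in (m[1].split() if m else []):
                    if acl not in acls:
                        findings.append((nbr, f"route map {name} references undefined ACL {acl}"))
            if direction == "in" and "match mpls-label" not in maps[name]:
                findings.append((nbr, f"inbound route map {name} has no match mpls-label clause"))
    return findings


if __name__ == "__main__":
    for neighbor, finding in audit(SAMPLE_CONFIG):
        print(f"{neighbor}: {finding}")
```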

Configuring a Route Map for Incoming Routes

This configuration is optional.

Perform this task to configure a route map to filter for arriving routes.

•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along.

Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4

route-map map-name [permit | deny] sequence-number

Example:

Router(config-router)# route-map csc-mpls-routes-in permit

Creates a route map with the name you specify.

•The map-name argument identifies the name of the route map.

•The permit keyword allows the actions to happen if all conditions are met.

•A deny keyword prevents any actions from happening if all conditions are met.

•The sequence-number argument allows you to prioritize route maps. If you have multiple route maps and want to prioritize them, assign each one a number. The route map with the lowest number is implemented first, followed by the route map with the second lowest number, and so on.

•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along.

Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 4

route-map map-name [permit | deny] sequence-number

Example:

Router(config-router)# route-map csc-mpls-routes-out permit

Creates a route map with the name you specify.

•The map-name argument identifies the name of the route map.

•The permit keyword allows the actions to happen if all conditions are met.

•A deny keyword prevents any actions from happening if all conditions are met.

•The sequence-number argument allows you to prioritize route maps. If you have multiple route maps and want to prioritize them, assign each one a number. The route map with the lowest number is implemented first, followed by the route map with the second lowest number, and so on.

Configures the router as a BGP route reflector and configures the specified neighbor as its client.

•The ip-address argument specifies the IP address of the BGP neighbor being identified as a client.

Step 8

exit-address-family

Example:

Router(config-router-af)# exit-address-family

Exits address family configuration mode.

Step 9

end

Example:

Router(config-router)# end

(Optional) Exits to privileged EXEC mode.

Troubleshooting Tips

By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only unicast address prefixes. To exchange other address prefix types, such as multicast and VPNv4, neighbors must also be activated using the neighbor activate command in address family configuration mode, as shown.

Route reflectors and clients (neighbors or internal BGP peer groups) that are defined in router configuration mode using the neighbor route-reflector-client command reflect unicast address prefixes to and from those clients by default. To reflect prefixes for other address families, such as multicast, define the reflectors and clients in address family configuration mode using the neighbor route-reflector-client command, as shown.

•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along.

Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

Step 7

redistribute protocol

Example:

Router(config-router)# redistribute connected

Redistributes routes from one routing domain into another routing domain.

•The protocol argument specifies the source protocol from which routes are being redistributed. It can be one of the following keywords: bgp, connected, egp, igrp, isis, mobile, ospf, static [ip], or rip.

The connected keyword refers to routes that are established automatically by virtue of having enabled IP on an interface. For routing protocols such as Open Shortest Path First (OSPF) and IS-IS, these routes will be redistributed as external to the autonomous system.

Step 8

neighbor {ip-address | peer-group-name} remote-as as-number

Example:

Router(config-router)# neighbor <CSC-Core-ip-address> remote-as 100

Adds the IP address of the neighbor in the remote autonomous system to the multiprotocol BGP neighbor table of the local router.

•The ip-address argument specifies the IP address of the neighbor.

•The peer-group-name argument specifies the name of a BGP peer group.

•The as-number argument specifies the autonomous system to which the neighbor belongs.

Part of the backbone carrier's network configured to provide carrier supporting carrier VPN services. CSC-PE1 and CSC-PE2 are peering with a VPNv4 IP BGP session to form the MPLS VPN network. In the VRF, CSC-PE1 and CSC-PE2 are peering with the CSC-CE routers, which are configured for carrying MPLS labels with the routes, with an IPv4 EBGP session.

Configuring and Verifying the Backbone Carrier Core: Examples

Configuration and verification examples for the backbone carrier core included in this section are as follows:


Command Reference

This feature uses no new or modified commands. All commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

Glossary

AS—autonomous system. A collection of networks that share the same routing protocol and that are under the same system administration.

BGP—Border Gateway Protocol. The exterior border gateway protocol used to exchange routing information between routers in separate autonomous systems. BGP uses Transmission Control Protocol (TCP). Because TCP is a reliable protocol, BGP does not experience problems with dropped or fragmented data packets.

BGP prefix—A route announcement using the BGP. A prefix is composed of a path of autonomous system numbers, indicating which networks the packet must pass through, and the IP block that is being routed. A BGP prefix would look something like: 701 1239 42 206.24.14.0/24. (The /24 part is referred to as a CIDR mask.) The /24 indicates that there are 24 ones in the netmask for this block starting from the left side. A /24 corresponds to the natural mask 255.255.255.0.

EBGP—External Border Gateway Protocol. A BGP session between routers in different autonomous systems (ASs). When a pair of routers in different ASs are more than one IP hop away from each other, an external BGP session between those two routers is called multihop external BGP.

IBGP—Internal Border Gateway Protocol. A BGP session between routers within the same autonomous system.

IGP—Interior Gateway Protocol. Internet protocol used to exchange routing information within an autonomous system. Examples of common Internet IGPs include IGRP, OSPF, and RIP.

LDP—Label Distribution Protocol. A standard protocol between MPLS-enabled routers to negotiate the labels (addresses) used to forward packets.

LSP—label-switched path. A sequence of hops in which a packet travels from one router to another router by means of label switching mechanisms. A label-switched path can be established dynamically, based on normal routing mechanisms, or through configuration.

LSR—label switch router. A router that forwards packets in an MPLS network by looking only at the fixed-length label.

MPLS—Multiprotocol Label Switching. A method for forwarding packets (frames) through a network. MPLS enables routers at the edge of a network to apply labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels.

Multihop BGP—A Border Gateway Protocol between two routers in different autonomous systems that are more than one hop away from each other.

NLRI—Network Layer Reachability Information. BGP sends routing update messages containing NLRI, which describes the route. In this context, an NLRI is a prefix. A BGP update message carries one or more NLRI prefixes and the attributes of a route for the NLRI prefixes. The route attributes include a BGP next hop gateway address, community values, and other information.

P router—provider router. The core router in the service provider network that connects to provider edge (PE) routers. In a packet-switched star topology, a router that is part of the backbone and that serves as the single pipe through which all traffic from peripheral networks must pass on its way to other peripheral networks.

POP—point of presence. An access point to the Internet. A POP has a unique IP address. The ISP or online service provider (such as AOL) has one or more POPs on the Internet. ISP users dial into the POP to connect to the Internet. A POP can reside in rented space owned by the telecommunications carrier (such as Sprint) to which the ISP is connected. A POP usually includes routers, digital/analog call aggregators, servers, and frequently frame relay or ATM switches.

RR—route reflector. A router that advertises, or reflects, IBGP learned routes to other IBGP peers without requiring a full network mesh.

VPN—Virtual Private Network. A group of sites that, as a result of a set of administrative policies, can communicate with each other over a shared backbone.

VPNv4 addresses—When multiple VPNs use the same address space, the VPN addresses are made unique by adding a route distinguisher to the front of the address.

VRF table—VPN routing/forwarding table. A VRF table includes the routing information that defines a customer VPN site that is attached to a provider edge (PE) router. A VRF table consists of the following elements:

•An IP routing table

•A derived forwarding table

•A set of interfaces that use the forwarding table

•A set of rules and routing protocols that determine what goes into the forwarding table